Tuesday, September 2, 2008

Windows 2003 terminal service Crack / Hack / Bug

In Windows 2000, Terminal Services only included a "Per Device" licensing mode. This means if you have 5 people sharing 1 workstation and they all use TS on a server, they only require 1 TS CAL. However, in today's world of throwaway computers and telecommuting, the reality is most companies will have more than 1 "device" (computer) per employee. This means for 1 power user you may have to supply 2 or 3 TS CALs. This obviously isn't fair. Microsoft made up for this partly in 2000 by letting 2000 Pro or XP Pro machines connect to a 2000 TS Server effectively for free. TS CALs for these devices come from an unlimited pool on the TS Licensing Server automatically.

Microsoft was pressured in Windows 2003 to introduce a Per User licensing mode, as it was expected that an XP Client license would no longer include a TS CAL. This would allow 1 Power User to use as many PCs as they wanted while consuming only 1 TS CAL. Since companies now have to pay for EVERY TS CAL in 2003, this made a lot more sense.

Well, with all the feature updates in 2003 Server, someone forgot to "finish" the Licensing Code for Per User. (In theory all they had to do was assign a CAL to the user's SID, but in workgroups this may not work as expected, so who knows.) Well, rather than pulling the (expected) Per User licensing mode, Microsoft released it in such a way that it barely works.

In Per Device mode, the TS Licensing server has to have 2 things.

1) Needs to be "Activated" (This registers the TS Lic server with MS, but it's totally free)
2) Needs to have Per Device TS CALs added to the Licensing Server

However, in Per User mode, the TS Licensing server only needs #1.

What? You don't believe me? Check this URL:

- http://www.microsoft.com/windowsserver2003/techinfo/overview/termservlic.mspx
- Download and open the 2003 TS Licensing Whitepaper.
- Look in the section called "Client License Distribution Per User"
- Notice that section is VERY short and read the first sentence, as it specifically says "must be able to locate a license server" as the only requirement.

The caveat to this is that 2003 defaults to Per Device mode and needs to be changed to Per User mode in order to use (exploit) this feature (bug).

To change your licensing mode:

- Launch Terminal Server Configuration from Administrative Tools.
- Select Server Options on the left.
- Double click Licensing Mode on the right. Change the mode to Per User and then reboot.

NOTE: If you are adding TS and your source disk was 2003 with SP1 integrated, you will actually be prompted for your licensing mode and licensing server discovery method during the install. This makes it a lot easier.

Something not documented very well in the white paper is also the easiest way to point your TS Server at a specific Licensing Server. If you don't have TS Licensing set up in AD properly and your TS Server is NOT on the same subnet as the Licensing Server, this is the fastest and easiest way to force the TS Server to see the Licensing Server.

Add a Registry key (not a Reg Entry but a Key (looks like a folder)) like the following. You will probably need to add the LicenseServers key as well.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers\LICSERVERNAME

Where LICSERVERNAME is the name of your License Server. It can also be the IP or FQDN of the License Server if need be. This KB Article explains it: http://support.microsoft.com/kb/279561

Just keep in mind that if you do this at your company, and you ever get audited by MS and they find you don't have any Per User TS CALs at least purchased, you're going to be in some serious trouble. The funny part is they don't have an easy way to tell how many you're supposed to have purchased, because the licensing is broken and can't track valid licenses properly anyway.

I personally found this all out because I put 1000 Per User TS CALs on my Licensing Server my company purchased. Several months later after I pointed 30+ TS Servers at this license server (all in Per User Mode of course), I was surprised to find it said I had Zero issued and 1000 still available. I opened a case with MS where they embarrassingly explained to me this glitch.